ML23236A008
| ML23236A008 | |
| Person / Time | |
|---|---|
| Site: | 99902071 |
| Issue date: | 08/24/2023 |
| From: | Michael Wentzel NRC/NRR/DANU/UAL2 |
| To: | Chapman T X-Energy |
| References | |
| EPID L-2022-LRO-0013 | |
OFFICIAL USE ONLY PROPRIETARY INFORMATION
Enclosure
U.S. NUCLEAR REGULATORY COMMISSION STAFF'S OBSERVATIONS REGARDING XE-100 WHITE PAPER: PLANT CONTROL AND DATA ACQUISITION SYSTEM (EPID: L-2022-LRO-0013)
SPONSOR AND SUBMITTAL INFORMATION
Sponsor: X Energy, LLC (X-energy)
Sponsor Address: 801 Thompson Avenue, Rockville, MD 20852
Docket/Project No(s).: 99902071
Submittal Date: February 17, 2023
Submittal Agencywide Documents Access and Management System (ADAMS) Accession No.: ML23048A308
Brief Description of the White Paper: The white paper, "Xe-100 Plant Control and Data Acquisition System White Paper," Revision 3, describes: (1) the regulatory framework, which X-energy plans to use to align the Xe-100 Plant Control and Data Acquisition System (PCDAS), (2) the regulatory guidance documents X-energy considered in the PCDAS design process, (3) the Xe-100's overall PCDAS architecture and overall PCDAS functional design, (4) the selected principal design criteria (PDCs) to which X-energy plans to design the PCDAS, and (5) the preliminary classification of PCDAS subsystems.
The U.S. Nuclear Regulatory Commission (NRC) staff made no regulatory findings on this white paper, and nothing herein should be interpreted as official agency positions.
Action Requested: X-energy requested the NRC staff to review and comment on the contents of this white paper, most notably the following:
- 1. Whether the instrumentation and control (I&C) architecture is acceptable for further review and conforms to fundamental industry design principles and best practices;
- 2. whether functional design criteria have been established that will allow the future review of the I&C systems for both safety-significant and non-safety-significant functions;
- 3. whether the I&C system classifications align with the philosophy of Regulatory Guide (RG) 1.233, Revision 0, "Guidance for Technology-Inclusive, Risk-Informed, and Performance-Based Methodology to Inform the Licensing Basis and Content of Applications for Licenses, Certifications, and Approvals for Non-Light-Water Reactors" (ML20091L698), and Nuclear Energy Institute (NEI) 18-04, Revision 1, "Risk-Informed Performance-Based Technology Inclusive Guidance for Non-Light Water Reactor Licensing Basis Development" (ML22060A190);
- 4. whether alignment of the I&C systems design to the framework of the NRC staff's Design Review Guide (DRG), "Instrumentation & Controls (I&C) for Non-Light Water Reactor (Non-LWR) Reviews," is acceptable; and
- 5. whether the regulatory guidance documents specified for consideration in the I&C design process are appropriate.
FEEDBACK AND OBSERVATIONS
Overall, the NRC staff notes that the white paper provides a reasonable approach for the five items listed as follows:
- 1. The I&C architecture appears to be acceptable for further review and is generally consistent with the fundamental I&C design principles.
- 2. The stated functional design criteria for the I&C systems appear to be reasonable and would allow future review of the Xe-100 I&C systems.
- 3. Preliminary and assumed I&C system classifications appear to be consistent with RG 1.233 and NEI 18-04, and should be updated based on the information from the implementation of the NEI 18-04 methodology including the probabilistic risk assessment and the design basis accident analysis.
However, the X-energy licensing application is not required to align with NUREG-0800, Standard Review Plan for the Review of Safety Analysis Reports for Nuclear Power Plants: LWR Edition, Standard Review Plan (SRP) Chapter 7, Instrumentation and Controls, and associated Branch Technical Positions (BTPs).
- 5. Specified regulatory guidance documents for the I&C design process at this conceptual design stage appear appropriate.
Specific NRC staff feedback is provided below:
- 1. Section 1.2, "Scope," states that, "The scope of this document includes the control, protection, and monitoring systems, their high-level functional designs and licensing basis development, the safety classifications of the included I&C systems, and the important interfaces between the various systems." X-energy should clarify the scope and whether it covers all control, protection, and monitoring systems needed for the protection of the non-reactor radiological sources with the plant. It does not appear to do so since there is no discussion of, for example, the Fuel Handling and Storage System which contains non-reactor radiological sources.
- 2. As discussed in Section 5.3, "Reactor Protection System (RPS)," the RPS is based on the Highly Integrated Protection System (HIPS) platform. The Safety Evaluation (SE) performed by the NRC staff of the HIPS platform Topical Report (TR) 1015-18653-P-A, Revision 2 (ML17256A892), documents a list of application-specific action items (ASAIs). If X-energy intends to reference the HIPS TR in the Xe-100 design, X-energy should discuss its plan for addressing the ASAIs documented in the aforementioned SE for both the construction permit (CP) and operating license (OL) applications. In addition, any deviations from the HIPS platform and configuration approved in the TR need to be fully addressed in addition to the ASAIs. If X-energy does not intend to reference the HIPS TR, the NRC staff encourages additional discussions on the subject in the future.
The legend in Figure 5, Interface Between RPS and PEMS/DCS/IPS, discusses the
((
)) in the Xe-100 I&C design would need to be addressed by X-energy.
- 3. Section 3.5, "Example of Alternative Approach to Regulatory Requirements," states that the Xe-100 plant licensing basis will not adopt the Institute of Electrical and Electronics Engineers (IEEE) Standard (Std.) 379-2000, "IEEE Standard Application of the Single-Failure Criterion to Nuclear Power Generating Station Safety Systems,"1 as endorsed by RG 1.53, "Application of the Single-Failure Criterion to Safety Systems," Revision 2 (ML033220006). Instead, this section discusses X-energy's plans for using the methodology described in NEI 18-04 as endorsed by RG 1.233. The NEI 18-04 methodology replaces the single-failure criterion with a probabilistic (reliability) criterion.
Application of the single-failure criterion under the NEI 18-04 methodology may not be necessary because some of the advanced non-light water reactor designs employ a diverse combination of inherent, passive, and active design features to perform the credited safety functions across layers of defense. However, Section 4.2.4, Functional Design of the Reactivity Control and Shutdown System (RCSS), of this white paper discusses how the application of the single-failure criterion is preliminarily considered appropriate for the RCSS such that no single failure of any component will prevent it from tripping the reactor. A similar statement is found in Section 4.2.3, Functional Design of the RPS, regarding how the RPS is designed such that no single failure of any component will prevent it from tripping the reactor. Therefore, X-energy should clarify its plans for applying the single-failure criterion in the I&C architecture design of the Xe-100 plant.
- 4. For systems such as the Investment Protection System (IPS) and the Post-Event Monitoring System (PEMS), the white paper states that they were preliminarily classified as Non-Safety Related with Special Treatment (NSRST) per the NEI 18-04 methodology and will be reviewed and updated as necessary as the design progresses.
While the NRC staff does not object to the preliminary classification for these and similar systems, X-energy should ensure that the classification process factors in the information from the implementation of the NEI 18-04 methodology including analyses such as the probabilistic risk assessment and the design basis accident analysis.
X-energy should provide an update on the classification for these and similar systems in support of the licensing applications commensurate with corresponding design phases (e.g., a preliminary design for CP application and a final design for an OL application).
- 5. The abbreviation ANS is used by X-energy for both American Nuclear Society and Announcement and Notification System. Consider using a different acronym for announcement and notification system.
1 Copies may be purchased from the Institute of Electrical and Electronics Engineers, Inc., 445 Hoes Lane, Piscataway, NJ 08855.
- 6. The definitions for "Plant" and "Unit" are identical. Consider making some distinction between these two definitions.
- 7. Section 3.3, Applicable Regulatory Guidance, identifies the following as criteria:
Staff Requirements Memorandum (SRM)-SECY-93-087, "SECY-93-087 - Policy, Technical, and Licensing Issues Pertaining to Evolutionary and Advanced Light-Water Reactors" (ML003708056)
SECY-22-0076, "Expansion of Current Policy on Potential Common-Cause Failures in Digital Instrumentation and Control Systems" (ML22164B003), and RG 1.152, Revision 3, "Criteria for Use of Computers in Safety Systems of Nuclear Power Plants" (ML102870022)
X-energy should note that SECY-22-0076 is with the NRC Commission. The proposed policy would expand the use of risk-information for addressing potential common cause failure (CCF) in a digital I&C system. The NRC Commission's direction on this matter may impact the NRC staff's guidance on addressing potential CCF as currently found in SRM-SECY-93-087.
Draft Regulatory Guide (DG)-1374, "Criteria for Programmable Digital Devices in Safety-Related Systems of Nuclear Power Plants" (ML23012A242), has recently been issued for public comments. DG-1374 is updating RG 1.152, Revision 3 to endorse the use of IEEE Std. 7-4.3.2-2016, "IEEE Standard Criteria for Programmable Digital Devices in Safety Systems of Nuclear Power Generating Stations."1 X-energy should be aware of the progress of this DG and consider using the latest regulatory guidance documents.
If the use of commercial-grade items in safety-significant applications for the Xe-100 design is anticipated, X-energy may consider using RG 1.164, Revision 0, "Dedication of Commercial-Grade Items for Use in Nuclear Power Plants" (ML17041A206), and RG 1.250, Revision 0, "Dedication of Commercial-Grade Digital Instrumentation and Control Items for Use in Nuclear Power Plants" (ML22153A408).
- 8. Section 3.3, "Applicable Regulatory Guidance," lists BTPs, which are part of SRP Chapter 7. Since X-energy plans to use the DRG and NEI 21-07, Revision 1, "Technology Inclusive Guidance for Non-Light Water Reactors Safety Analysis Report Content for Applicants Using the NEI 18-04 Methodology" (ML22060A190), rather than SRP Chapter 7 as stated in Section 3.4, the BTPs listed in Section 3.3 as applicable regulatory guidance are confusing. X-energy should clarify this issue.
- 9. In a licensing application, it may be important to describe the level of diversity or independence between Distributed Control System (DCS) and IPS and its significance in demonstrating adequacy of defense-in-depth (DID).
- 10. In Table 2, "Preliminary IPS Response Matrix," and Table 3, "Preliminary Xe-100 RPS Response Matrix," the column heading "Nominal Setpoint 100% MCR" is confusing. Clarify if it is a nominal control setting or a trip setpoint. X-energy should clarify what "100% MCR" stands for. In this white paper, the MCR abbreviation stands for Main Control Room. X-energy should clarify if the values in the column represent nominal control settings at 100 percent reactor thermal power.
- 11. In Table 2, Preliminary IPS Response Matrix, X-energy should clarify the reason for the IPS Corrective Action Setpoint and the Protective Action Setpoint for neutron flux Power Range Neutron Detector High being the same value. The NRC staff understands that the Corrective Action and Protective Action are different and are not reasonable to take place at the same time.
- 12. Section 4.2.7, "Functional Design of the Seismic Monitoring System (SMS)," states that the SMS does not perform any safety indication or control functions and is classified as Non-Safety Related with No Special Treatment (NST). It further states that the SMS is designed to conform to PDCs 1-4 and 13. Clarify how X-energy determined that the listed PDCs are needed for the SMS given it is an NST system. X-energy should clarify if the approach described in the white paper is consistent with the approach in the Xe-100 PDC TR (ML22195A260). The Xe-100 PDCs in the TR are focused on safety-significant structures, systems, and components (SSCs), consistent with the NEI 18-04 methodology.
- 13. Section 4.4, Interfaces Between Control and Protection, states that due to space limitations some of the instrumentation is currently planned to be shared between RPS and IPS/DCS. In this case, X-energy should adequately demonstrate that any of the faults within IPS or DCS do not adversely impact the safety functions as part of its licensing applications.
- 14. Section 4.4.3 has the title Interface Between RCSS and RPS/IPS/DCS. This section does not discuss the interface between the RCSS and the RPS. X-energy should clarify the interface between the two systems.
- 15. Section 4.7, Cyber security:
- a. X-energy should engage with the NRC staff early if it intends to seek exemptions from the cyber security requirements in Title 10 of the Code of Federal Regulations (10 CFR) Section 73.54, Protection of digital computer and communication systems and networks, and whether it intends to implement a cyber security program using an approach other than the currently approved frameworks in RG 5.71, Revision 1, Cyber Security Programs for Nuclear Power Reactors (ML22258A204), or cyber security plan template NEI 08-09, Revision 6, Cyber Security Plan for Nuclear Reactors (ML101180437).
- b. X-energy discusses ((
)) of the cyber security program; however, the discussion seems incomplete. For example, the ((
)) In addition, X-energy should consider to what extent it plans to address cyber security during the Xe-100 plant design phase.
- c. While the section refers to guidance documents such as NEI 08-09, Revision 6 and NEI 13-10, Revision 7, Cyber Security Control Assessments (ML21342A203), it does not refer to NEI 10-04, Revision 3, Identifying Systems and Assets Subject to the Cyber Security Rule (ML21342A168). X-energy should clarify its plans for using NEI 10-04 as part of the cyber security program development and implementation in support of the Xe-100 plant operations.
- d. X-energy states that "There is significant overlap between the Xe-100 SSC classification and the NEI 08-09 [critical digital asset (CDA)] classification." As written, this section does not provide enough information to understand the basis for this claim. For example, an indirect CDA must meet criteria such as the following per NEI 13-10:
"If compromised, would not have an adverse impact on Safety-Related or Security functions."
However, X-energy does not provide enough information in order to reach this conclusion. X-energy should provide enough information in the future to understand the basis for this and similar statements.
- e. X-energy states that after ((
))
However, ongoing cyber security monitoring and assessment should be continuous regardless of inspections as discussed in RG 5.71. For example, continuous monitoring and assessment includes the use of automated support tools, as appropriate, to accomplish near real-time cyber security management for CDAs.
X-energy should address this issue as part of the cyber security program development and implementation in support of the Xe-100 plant operations.
- f. While this section does not discuss the use of wireless technologies, Section 4.6.6, "Mobile Radio System (MRS)," discusses the use of a wireless radio network for voice and data communications for the Xe-100 plant. X-energy should be aware of the guidance in RG 5.71 and NEI 08-09 associated with the use of wireless technologies and capabilities which are restricted for safety and important-to-safety CDAs. X-energy should address this issue as part of the cyber security program development and implementation in support of the Xe-100 plant operations.
- 16. Figure 18, "Conceptual Plant-Wide Distributed Control System (PDCS) Architecture," contains "Remote Shutdown Room," which is used only once in the white paper. In other parts of the white paper, "Reserve Shutdown Room" is used instead. X-energy should clarify the usage of these different terminologies and specify if there is a specific reason for using different terminologies. In addition, X-energy should explain the color coding/scheme used in Figure 18. It is not clear to the NRC staff what the colors stand for.
- 17. Figure 19, Conceptual IPS Functional Architecture shows an input from Module DCS to IPS Protective Action (IPA) actuators. X-energy should clarify if it means that the DCS (NST) can control IPS (NSRST) equipment. On page 33, the white paper states that the IPS will not rely on receiving data from the DCS as it has a higher safety rating (NSRST vs. NST). X-energy should clarify.
- 18. In Section 4.5, Human System Interface (HSI), X-energy stated the following:
"The Human-System Interface (HSI) Design is coordinated by the Human Factors Engineering (HFE) Design Team, in accordance with Xe-100 plant requirements, regulatory requirement such as NUREG-0700/0711, and HFE program related requirements."
The NRC staff clarifies that the documents NUREG-0700, Revision 3, Human-System Interface Design Review Guidelines (ML20162A214), and NUREG-0711, Revision 3, Human Factors Engineering Program Review Model (ML12324A013), are not regulatory requirements but instead guidance documents that describe acceptance criteria. X-energy should review 10 CFR 50.34, Contents of applications; technical information, paragraph (f)(2)(iii) for HFE requirements. Additionally, X-energy should also consider the following regulations that address general requirements related to the main control room that influence the HFE design:
o Regulation 10 CFR 50.34(f)(2)(ii) - continuing improvement of HFE and procedures
o Regulation 10 CFR 50.34(f)(2)(iv) - safety parameter display system
o Regulation 10 CFR 50.34(f)(3)(i) - use of operating experience
o Regulation 10 CFR 50.54 (i) to (m) - staffing
o Regulation 10 CFR 52.47 - level of detail required in design certification (DC) applications
o Regulation 10 CFR 52.47(a)(8) - inclusion of 10 CFR 50.34(f) for 10 CFR Part 52 applications
o Regulation 10 CFR 52.79 - content of combined license (COL) applications
Moreover, X-energy should refer to the following requirements that are related to the main control room that influence the HFE design:
o Regulation 10 CFR 50.34(f)(2)(v) - automatic indication of the bypassed and operable status of safety systems
o Regulation 10 CFR 50.34(f)(2)(xi) - relief and safety valve indication
o Regulation
o Regulation 10 CFR 50.34(f)(2)(xvii) - containment related indications
o Regulation 10 CFR 50.34(f)(2)(xviii) - core cooling indications
o Regulation 10 CFR 50.34(f)(2)(xix) - instrumentation for monitoring post-accident conditions that includes core damage
o Regulation 10 CFR 50.34(f)(2)(xxvi) - leakage control
o Regulation 10 CFR 50.34(f)(2)(xxvii) - radiation monitoring
- 19. In Section 4.2.1, Functional Design of the Distributed Control System (DCS), X-energy discusses automations by the DCS. X-energy should explain its plans for addressing any exemptions, as applicable, under 10 CFR 50.54, Conditions of licenses, paragraphs (i) and/or (j). Additionally, X-energy should provide the technical justification that provides assurance of safety for this approach to operation.
Given the potential for policy implications associated with such an exemption request, X-energy should consider the option of submitting a TR on this particular issue to allow for early resolution of issues pertaining to load following operations. Upon issuance of an OL, the facility licensee could then incorporate such a TR by reference for a subsequent exemption request.
- 20. X-energy should explain its plans for addressing the other elements of the HFE program and design as it relates to HSI. Specifically, X-energy should explain its methodology on the development and use of HFE guidelines tailored to the unique aspects of X-energy's design, including a style guide to define the design-specific conventions that will be used in the HSI design.
- 21. With respect to X-energy's discussion on the reduction in staffing, the NRC staff understands that there was a TR submitted by X-energy on December 29, 2022, titled, "Submittal of X Energy, LLC (X-energy), Xe-100 Licensing Topical Report: Xe-100 Training Program Methodology" (ML22364A278). The NRC staff encourages X-energy to review the comments to this report (ML23103A187) in addition to discussions at the March 14, 2023, public meeting.
- 22. In Section 8.1 Cross References and References, NUREG-0711 was not listed as a reference, but was discussed in Section 4.5 of the white paper.
Principal Contributor(s):
J. Ashcraft, NRR/DEX/EICB
I. Garcia, NSIR/DPCP
I. Jung, NRR/DANU/UTB1
D. Ki, NRR/DRO/IOLB/HFT
T. Siddiky, NSIR/DPCP/CSB
D. Taneja, NRR/DEX/ELTB